Ubiquiti Unifi Controller Migration


So I bought into Ubiquiti years ago. It was great back in the day. I loved the concept of "Enterprise hardware without the price tag." It's sad to see it has taken a downturn into just "Prosumer" stuff. It's become such a pain. The hardware doesn't last, it's impossible to get ahold of the hardware, the cost has gone up, and the software has only gotten worse. I'm stuck with the hardware for now....

I forget why but at some point I had to migrate the controller to my desktop just so I could configure the damn router and access point. Now that I have some more server horsepower I'd like to get it off my desktop.

Create a Virtual Machine

I connect to HV-03 in Windows Admin Center and go to Virtual Machines. I create a new virtual machine and call it UNIFI-01. I go into UNIFI-01's settings and move to the security tab and set it to Microsoft UEFI Certificate Authority and then mount my Ubuntu ISO.

Install Operating System

After I power on UNIFI-01 I go through the Ubuntu installation wizard. I dismount my ISO and reboot Ubuntu.

Configure Operating System

Configure SSH Key

Steps performed in Windows Terminal

  • ssh-keygen -t ed25519
  • Move-Item -Path c:\Users\david\filename* -Destination c:\Users\david\.ssh -Force
  • I open Windows Terminal's Settings
  • I open the JSON file and add the following:
            {
                "colorScheme": "Ubuntu-ColorScheme",
                "commandline": "ssh -i \"~/.ssh/unifi-01\" [email protected]",
                "experimental.retroTerminalEffect": false,
                "font": 
                {
                    "face": "Cascadia Code"
                },
                "guid": "{0caa0dad-35be-5f56-a8ff-XXXXXXXXXXXX}",
                "hidden": false,
                "name": "Unifi-01",
                "tabTitle": "Unifi-01"
            },
  • I make sure the GUID is unique

Configure SSH

Steps performed on UNIFI-01

  • mkdir /home/david/.ssh
  • nano /home/david/.ssh/authorized_keys
  • I paste in my public key and save
  • chmod 600 /home/david/.ssh/authorized_keys
  • sudo nano /etc/ssh/sshd_config
    • PermitRootLogin no
    • PubkeyAuthentication yes
    • PubkeyAcceptedKeyTypes ssh-ed25519
    • PasswordAuthentication no
    • AuthorizedKeysFile /home/david/.ssh/authorized_keys
  • I save the authorized_keys file
  • sudo sshd -t
  • sudo systemctl restart ssh
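
An added check, not part of the original post: sshd -t only validates syntax, so this sketch reads the effective settings that sshd -T prints and compares them with the values set above. Both sample outputs are constructed; the overridden one assumes a drop-in under /etc/ssh/sshd_config.d/ that sets PasswordAuthentication yes ahead of the main file.

```sh
#!/bin/sh
# Added example (not from the original post): verify sshd's *effective* settings.

# Settings the post puts in sshd_config, in the lower-case form `sshd -T` prints.
WANT='permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

# check_sshd: read `sshd -T` style output on stdin, print one line per wanted
# setting, and return 0 only when every one has the wanted value.
check_sshd() {
  cs_effective=$(cat)
  cs_rc=0
  while read -r cs_key cs_want; do
    cs_got=$(printf '%s\n' "$cs_effective" |
      awk -v k="$cs_key" '$1 == k { print $2; exit }')
    if [ "$cs_got" = "$cs_want" ]; then
      echo "ok   $cs_key $cs_got"
    else
      echo "FAIL $cs_key want=$cs_want got=${cs_got:-unset}"
      cs_rc=1
    fi
  done <<EOF
$WANT
EOF
  return "$cs_rc"
}

# Constructed sample: a drop-in (assumed) has re-enabled password logins,
# so the value in the main file never takes effect.
SAMPLE_OVERRIDDEN='permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
authorizedkeysfile /home/david/.ssh/authorized_keys'

# Constructed sample: the result the post is aiming for.
SAMPLE_GOOD='permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
authorizedkeysfile /home/david/.ssh/authorized_keys'

# On the real host: sudo sshd -T | check_sshd
printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd || echo "effective config differs"
```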

Configure Firewall

Steps performed on UNIFI-01

  • sudo apt update
  • sudo apt upgrade -y
  • sudo ufw allow 3748/tcp
  • sudo ufw allow 443/tcp
  • sudo ufw allow 443/udp
  • sudo ufw allow 8883/tcp
  • sudo ufw allow 22/tcp
  • sudo ufw enable

Install Unifi

Steps performed on UNIFI-01

  • sudo apt install apt-transport-https
  • echo 'deb https://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
  • sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg
  • sudo apt update
  • sudo apt install openjdk-8-jre-headless unifi
    • Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming.
    • The following packages have unmet dependencies:
    • Unifi: depends mongodb-server (>= 2.4.10) but it is not installable....
  • wget -qO - https://www.mongodb.org/static/pgp/server-3.6.asc | sudo apt-key add -
  • echo "deb https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
  • sudo apt update
  • sudo apt install openjdk-8-jre-headless unifi
    • The following packages have unmet dependencies:
    • Mongodb-org-server: Depends: libssl 1.0.0 (>= 1.0.2~beta3) but it is not installable.

Sigh. How about a heads up about installing your prerequisites Ubiquiti?

  • wget https://security.ubuntu.com/ubuntu/pool/main/o/openssl.0/libssl11.0.0_1.0.2n-1ubuntu5.9_amd64.deb -P /tmp
    • 404 Not Found

Whoops! I see my typo.

  • wget https://security.ubuntu.com/ubuntu/pool/main/i/openssl.0/libssl1.0.0 1.0.2n-1ubuntu5.9_amd64.deb -P /tmp
    • 404 Not Found

Or not. Another typo. It's really challenging with all these ls next to 1s. Let's just copy and paste it. There, that's better.

  • sudo apt update
  • sudo apt install /tmp/libssl1.0.0_1.0.2n-1ubuntu5.0_amd64.deb
  • sudo apt install mongodb-org
  • sudo apt install unifi

That's it, let's test. The webpage is timing out. Oh another typo. I have a typo on one of the ports.

  • sudo ufw deny 8883/tcp
  • sudo ufw allow 8443/tcp
  • sudo ufw reload

The webpage is loading now. Super!

Migrate from Old Instance to New Instance

Steps performed on New Unifi Controller

  • Go through the basic setup walkthrough

Steps performed on the Old Unifi Controller

  • I create a current backup

Steps performed on the New Unifi Controller

  • I restore the current backup from the old controller

I did not notice before I started that the old controller is running 6.5.55 and the new one is running 7.1.65. Why hasn't the controller been auto-updating? Oh yeah, because it keeps crashing every few hours on my desktop.

Well it looks like the restore did complete. It's taken me back to the login screen on the new controller. I log back in and can see all my settings have been moved over. While I'm logged in here I update the port forwards from the old Unifi controller to the new one.

Now it looks like the devices are still reporting to the old controller, so let's fix that next.

  • I shut down the old controller

Now I need to notify the devices. What was that command again?

  • set-inform http://FQDN:8080/inform

That means the new controller needs to be able to listen on port 8080 doesn't it? Well let's open that port then.

Steps performed on UNIFI-01

  • sudo ufw allow 8080/tcp
  • sudo ufw reload

Actually Ubiquiti's documentation mentions a bunch of other ports Unifi wants. Let's add the ones I'll probably actually use.

  • sudo ufw allow 5514/udp  # for remote syslog capture
  • sudo ufw allow 6789/tcp  # for Unifi mobile speed test
  • sudo ufw allow 10001/udp  # for device discovery
  • sudo ufw reload
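
An added audit, not part of the original post: after several rounds of opening and closing ports, this sketch compares the ALLOW rules in ufw status output against an allow-list and reports anything extra or missing. The sample status is constructed from the ufw commands in this post; the allow-list is an assumption (the ports the post names plus 3478/udp for STUN from Ubiquiti's port list) and should be adjusted to what the controller actually serves.

```sh
#!/bin/sh
# Added example (not from the original post): audit `ufw status` against an allow-list.

# Assumed allow-list: 22, 8080, 8443, 5514, 6789 and 10001 are named in the
# post; 3478/udp (STUN) is taken from Ubiquiti's published port list.
EXPECTED='22/tcp 3478/udp 8080/tcp 8443/tcp 5514/udp 6789/tcp 10001/udp'

# allowed_rules: print port/proto for every IPv4 ALLOW rule read from stdin.
allowed_rules() {
  awk '$2 == "ALLOW" && $1 ~ /^[0-9]+\/(tcp|udp)$/ { print $1 }'
}

# audit_ufw: read `ufw status` output on stdin, print "extra"/"missing"
# findings, and return 1 if there are any.
audit_ufw() {
  au_open=$(allowed_rules | tr '\n' ' ')
  au_rc=0
  for au_rule in $au_open; do
    case " $EXPECTED " in
      *" $au_rule "*) ;;
      *) echo "extra   $au_rule"; au_rc=1 ;;
    esac
  done
  for au_rule in $EXPECTED; do
    case " $au_open" in
      *" $au_rule "*) ;;
      *) echo "missing $au_rule"; au_rc=1 ;;
    esac
  done
  return "$au_rc"
}

# Constructed sample: the rule set left behind by the ufw commands in this post.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
3748/tcp                   ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
443/udp                    ALLOW       Anywhere
8883/tcp                   DENY        Anywhere
22/tcp                     ALLOW       Anywhere
8443/tcp                   ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
5514/udp                   ALLOW       Anywhere
6789/tcp                   ALLOW       Anywhere
10001/udp                  ALLOW       Anywhere'

# On the real host: sudo ufw status | audit_ufw
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw || true
```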

Cleanup

Things are looking good. The migration was much smoother than some I have had to deal with in the past. I update the backup settings from monthly to weekly. With dedicated cycles and storage why not? I cached all of the available updates since my router and access point are a bit behind.

It seems to have automatically placed me in the early access channels. Hard pass on that, the stable software is "stable" enough. I turn on the options for auto updates. I notice the software now has an option for country restrictions. That's cool!

The last thing I need to do is uninstall the old controller from my desktop. Easily done. Lastly I work through documenting the upgrade process for the controller software.

Upgrading Documentation

From help.ui.com. Well it looks like they've just copy/pasted the installation instructions.

  • echo 'deb https://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
  • sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg
  • sudo apt-get update && sudo apt-get install unifi -y

Yeah, these are literally the installation steps. It seems completely wrong. They had me add the repo so shouldn't I just be able to do a sudo apt update and sudo apt upgrade? No, I will need to do a little more. Here are the final steps to upgrade the Unifi software:

  • wget -O package.deb https://......./package.deb
  • sudo dpkg -i package.deb